Powered by Google www.ChineseStandard.net Database: 189759 (14 Apr 2024)

GB/T 36624-2018 (GB/T36624-2018)

Standard IDContents [version]USDSTEP2[PDF] delivered inName of Chinese StandardStatus
GB/T 36624-2018English350 Add to Cart 0-9 seconds. Auto-delivery. Information technology -- Security techniques -- Authenticated encryption Valid

Standards related to: GB/T 36624-2018

GB/T 36624-2018: PDF in English (GBT 36624-2018)

GB/T 36624-2018
ICS 35.040
L 80
Information Technology - Security Techniques -
Authenticated Encryption
(ISO/IEC 19772:2009, MOD)
Issued by: State Administration for Market Regulation;
Standardization Administration of the People’s Republic of
Table of Contents
Foreword ... 3 
1 Scope ... 5 
2 Normative References ... 5 
3 Terms and Definitions ... 6 
4 Symbols ... 7 
5 Overview ... 8 
6 Authenticated Encryption Mechanism 1 ... 9 
7 Authenticated Encryption Mechanism 2 ... 11 
8 Authenticated Encryption Mechanism 3 ... 15 
9 Authenticated Encryption Mechanism 4 ... 17 
10 Authenticated Encryption Mechanism 5 ... 19 
Appendix A (normative) ASN.1 Module ... 24 
Appendix B (informative) Application Instructions for Authenticated Encryption
Mechanisms ... 25 
Appendix C (informative) Data Examples ... 29 
Bibliography ... 33 
This Standard was drafted in accordance with the rules in GB/T 1.1-2009.
This Standard adopts the re-drafting law to modify the adoption of ISO/IEC 19772:2009
Information Technology - Security Techniques - Authenticated Encryption.
In comparison with ISO/IEC 19772:2009, the technical differences and the causes for
these differences are as follows:
---In regard to normative references, this Standard makes adjustments with
technical differences, so as to adapt to the technical conditions of China. The
adjustments are concentratedly reflected in Chapter 2 “Normative References”.
The specific adjustments are as follows:
 GB/T 15852.1-2008, which equivalently adopts the international standard,
is used to replace ISO/IEC 9797-1 (see 8.4);
 GB/T 17964-2008 is used to replace ISO/IEC 10116 (see 9.3);
 GB/T 32907-2016 is used to replace ISO/IEC 18033-3 (see Chapter 5);
 GB/T 25069-2010 is added to the references (see Chapter 3);
---In Chapter 3, terms and definitions that have already been defined in the current
national standards are directly adopted; some common definitions are deleted.
In comparison with ISO/IEC 19772:2009, there are relatively significant adjustments in
structure. See the details below:
---The content of Scope in ISO/IEC 19772:2009 is modified; some content is
transferred to Chapter 5 Overview;
---In consideration of the practical application scope of China’s national conditions
technology, this Standard adopts the five authenticated encryption mechanisms
specified in Chapter 7 ~ Chapter 11 in ISO/IEC 19772:2009; deletes the
authenticated encryption mechanism specified in Chapter 6 in ISO/IEC
---Normative Appendix C in ISO/IEC 19772:2009 is adjusted to Appendix A,
correspondingly, Informative Appendix A and Appendix B in ISO/IEC
19772:2009 are respectively adjusted to Appendix B and Appendix C;
---The data example provided in Appendix C is modified to use SM4 algorithm as
an example.
This Standard makes the following editorial modification:
Information Technology - Security Techniques -
Authenticated Encryption
1 Scope
This Standard specifies five authenticated encryption mechanisms, which achieve the
following security objectives by defining the methods of processing a data string:
---Data confidentiality, which protects against unauthorized disclosure of data;
---Data integrity, which ensures that the data recipient can verify whether the data
has been modified;
---Data source authentication, which ensures that the data recipient can verify the
identity of data originator.
This Standard provides ASN.1 definition of the five authenticated encryption
This Standard is appliable to applications and systems that require data confidentiality,
integrity protection and data source authentication.
2 Normative References
The following documents are indispensable to the application of this document. In
terms of references with a specified date, only versions with a specified date are
applicable to this document. In terms of references without a specified date, the latest
version (including all the modifications) is applicable to this document.
GB/T 15852.1-2008 Information Technology - Security Techniques - Message
Authentication Codes (MACs) - Part 1: Mechanisms Using a Block Cipher (ISO/IEC
9797-1:1999, IDT)
GB/T 17964-2008 Information Technology - Security Techniques - Modes of Operation
for a Block Cipher
GB/T 25069-2010 Information Security Technology - Glossary
GB/T 32907-2016 Information Security Technology - SM4 Block Cipher Algorithm
3 Terms and Definitions
What is defined in GB/T 15852.1-2008, GB/T 17964-2008 and GB/T 25069-2010, and
the following terms and definitions are applicable to this document.
3.1 Authenticated Encryption
Authenticated encryption refers to a reversible data conversion that uses cipher
algorithm to generate a ciphertext corresponding to the data. Unauthorized entities
cannot modify the ciphertext without being detected. Meanwhile, it also provides data
confidentiality, data integrity and data source authentication.
3.2 Authenticated Encryption Mechanism
Authenticated encryption mechanism refers to a cryptographic technique used to
implement data confidentiality protection and provide data integrity and data source
authentication. It includes two processing processes, namely, encryption and
3.3 Data Integrity
Data integrity refers to the characteristic that data has not been altered or destroyed in
an unauthorized mode.
[GB/T 25069-2010, Definition 2.1.36]
3.4 Block Cipher
Block cipher, also known as block cipher algorithm, is a symmetric cipher algorithm
that partitions plaintext into fixed-length blocks for encryption.
[GB/T 17964-2008, Definition 3.1.2]
3.5 Encryption System
Encryption system refers to the cryptographic technique used to protect data
confidentiality. It includes three processing processes, namely, encryption algorithm,
decryption algorithm and key generation.
3.6 Message Authentication Code; MAC
Message authentication code refers to data item derived from the message using
symmetric cryptographic technique and secret key. Any entity holding this secret key
may utilize message authentication code to check the integrity of the message and the
[GB/T 15852.1-2008, Definition 3.2.5]
Source: Above contents are excerpted from the PDF -- translated/reviewed by: www.chinesestandard.net / Wayne Zheng et al.